High-profile incidents bring cyber protection gap into focus

By Rebecca Delaney

(The Insurer) - Several high-profile cyber incidents in the UK and Europe this year have triggered little to no insurance recoveries, prompting concerns around the significant cyber insurance protection gap.

Most recently, several major European airports were disrupted on September 19 after hackers targeted check-in and boarding systems provider Collins Aerospace, with passengers facing long queues, cancellations and delays across Brussels, Dublin and London Heathrow.

Insurance market commentators said the attack underlined the proliferation of third-party exposures in cyber risk, particularly in the aviation sector, with losses likely to manifest in the insurance market through contingent business interruption claims by vendors.

Jaguar Land Rover (JLR) also reported a cyber incident this month, which has led to a pause in production at the Tata Motors-owned manufacturer.

The carmaker has said it expects to begin a phased restart of its operations “within the coming days”, having disclosed that it has been working with cybersecurity specialists, the UK's National Cyber Security Centre and law enforcement “to ensure our restart is done in a safe and secure manner”.

Three senior cyber insurance market sources told The Insurer that JLR did not finalise a cyber placement brokered by Lockton ahead of the incident.

The Insurer has been unable to confirm whether Tata has any cyber coverage of its own that may respond to the event.

Elsewhere, an April cyberattack on Britain's Co-op Group led to the temporary shutdown of several systems to contain the threat, causing operational disruption.

Finance chief Rachel Izzard said on September 25 that the event is expected to cost Co-op around 120 million pounds ($161 million) in lost profit this year, inclusive of limited insurance recovery.

“We had the front-end elements of cyber insurance in place in terms of the immediate response capabilities in the technology space for third parties, but we don't believe we will be claiming on insurance for back-end losses,” she said.

Co-op's group secretary and general counsel Dominic Kendal-Ward previously told the UK’s Business and Trade Committee in July that the group did not expect to make significant insurance recoveries from the event.

Kendal-Ward added that the decision not to specifically insure against the event was “not a reflection necessarily” on the quality of available insurance cover, but rather a consideration of the impact and likelihood of the risk along with the strength of Co-op’s balance sheet.

In a separate committee session, Marks & Spencer chairman Archie Norman said the retailer expected to make “a significant claim” and receive “a substantial recovery”, after disclosing a cyberattack on April 17 that significantly disrupted retail and online operations for more than seven weeks.

As previously reported by The Insurer, M&S has a WTW-brokered cyber policy in place providing up to 100 million pounds of cover.

A results filing by M&S in May said the attack was expected to cost the company roughly 300 million pounds in gross profit.

ADDRESSING THE PROTECTION GAP

Following the spate of incidents in 2025, commentators at this year’s Rendez-Vous in Monte Carlo urged market participants to stop “stealing business” from each other and instead concentrate on addressing the protection gap in the direct market.

Earlier this month, Swiss Re revised its compound annual growth rate estimate for the global cyber insurance market to 5% from 6% as from 2023, warning that the market will have to expand into underserved SME segments and non-U.S. territories to ensure future sustainability.

“You've got that whole untapped area of the market where people are not buying at all, and that's certainly something that everyone in the reinsurance industry would love to see addressed. We're just going to have to be patient,” said Rory Egan, head of cyber and analytics at Aon's Reinsurance Solutions, at the Rendez-Vous.

This is particularly pressing in the micro and SME segment, where cyber insurance take-up levels are even lower.

Daniel Carr, head of cyber at Ariel Re, described unlocking new buyers as the “main impediment” across the market, as this requires building effective, responsive covers from the ground up rather than scaling down or repricing the original large corporate product.

“At the smaller end, they've got a whole variety of different challenges and that can change by industry, by country, level of discretionary spend for an insurance product, how they perceive the risk, and what they would ultimately want help with,” he said.

Other suggestions to improve cyber insurance penetration included changes to distribution channels, such as offering cyber as an opt-out cover alongside personal lines insurance.

“The innovations that we drive in cyber is of this very undersaturated marketplace outside of the U.S.,” added Luke Foord-Kelcey, global head of cyber at Howden Re.